What is the Layer 2 Tunneling Protocol (L2TP)?

The Layer 2 Tunneling Protocol (L2TP) is a virtual private network (VPN) protocol that creates a connection between your device and a VPN server without encrypting your content. Due to its lack of encryption and authentication, L2TP is usually paired with Internet Protocol Security (IPsec) protocol. IPsec uses encryption algorithms and cryptographic keys to provide L2TP with the necessary encryption. IPsec also controls data that travels between the endpoints of the created connection tunnel between the end user and a VPN server online.

However, L2TP is almost 24 years old, outdated, and not frequently used. This is one of the reasons why NordVPN no longer supports it.

As with other VPN protocols, the first stage of tunneling your data through the internet via L2TP is to establish a connection between your device and the VPN server you want to reach. Once L2TP, combined with IPsec, creates a tunnel between the endpoints, the data you want to send through it passes these stages:

1. The data you want to send through a VPN connection is broken up into packets.
2. IPsec encrypts these packets to secure the data from unauthorized access.
3. L2TP encapsulates the encrypted packets into its own packets to create a tunnel to transmit the data through the public network safely.
4. The L2TP packets are sent over the internet.
5. L2TP unpacks the encapsulated packets at the receiving end (a VPN server), and IPsec decrypts them.
6. The decrypted packets are restored to the original data, which is then accessible on the local area network (LAN) connected to the VPN server.

Though L2TP is a considerably old data tunneling protocol, it’s still widely used. Let’s take a look at the features that gained L2TP its popularity.

• Compatibility. L2TP, in combination with IPsec, is supported by different types of devices and operating systems, including Windows, MacOS, Linux, iOS, Android, and routers.
• Multi-protocol support. L2TP is designed to work with various types of protocols protecting the tunneled data and can even handle data from higher-layer protocols. This means that L2TP can handle IPV4 and IPv6.
• PPP integration. Using Point-to-Point Protocol (PPP) for encapsulating data within the created tunnel, L2TP can extend its features to support authentication, encryption (when combined with IPsec), and compression. However, modern VPN protocols have moved towards more secure and flexible encapsulation and encryption methods.
• Voluntary and compulsory tunneling. L2TP supports both voluntary tunneling, which the VPN user initiates, and compulsory tunneling, initiated by the network’s carrier.

As mentioned earlier, L2TP has been on the market for nearly 24 years and is considered to be outdated. Here are some of L2TP’s major drawbacks that are good reasons for not using it anymore:

• Slowness. L2TP is a slow protocol because it encapsulates (hides or restricts the direct access of data) your data twice, which leads to slower transmission speeds.
• Lack of safety. Designed only to create a tunnel for the data to pass through, L2TP itself doesn’t encrypt the transmitted data. As a result, this protocol is highly susceptible to various sorts of data breaches.
• Liable to network restrictions. L2TP struggles to bypass firewalls and is unreliable when circumventing network restrictions.
• Complicated setup. L2TP is a more complex protocol to set up when compared to newer tunneling protocols because it needs to be paired with IPsec to encrypt the transmitted data.

L2TP passthrough is a feature that enables L2TP traffic to pass through the router’s network address translator (NAT), which is connected to the VPN client, and establish an outbound connection to a VPN server on the internet.

Without the VPN passthrough enabled, the router’s security settings may prevent the L2TP traffic from reaching the desired VPN server. However, the router doesn’t perform L2TP processing and simply forwards L2TP traffic between the VPN client and a VPN server. Remember that not all routers may provide a passthrough for VPN traffic. Otherwise, they may support passthrough only for a certain type of VPN protocol. So make sure to check your router’s configuration settings before you try to establish a VPN connection on your router.

L2TP is just one among many VPN protocols used today. Let’s take a look at how its features compare with other protocols, both older and newer.

Point-to-Point Tunneling Protocol (PPTP) was initially designed to create VPN connections over dial-up networks, but it can also connect over other network types. L2TP and PPTP were established in 1999 and were the forerunners of the protocols we have now.

After more than twenty years, PPTP is considered an outdated protocol, providing weak encryption and many security vulnerabilities. PPTP is generally faster than L2TP/IPsec because of its weaker encryption, but naturally, this comes at the cost of low-level security when establishing a VPN connection. PPTP is more susceptible to firewalls blockage, while both L2TP and PPTP have poor P2P support. As a result, it is not recommended to use either of the two protocols.

Key Exchange version 2 (IKEv2) is a protocol that allows a secure exchange of encryption keys over a VPN connection. It is part of the IPsec suite of protocols created to encrypt IP packets for higher security online.

The IKEv2 protocol usually works faster than L2TP and can quickly switch networks and re-establish a VPN connection when it’s temporarily lost. While L2TP is often combined with IPSec for encryption, IKEv2 was inherently designed to work with IPsec and is considered a very secure protocol. Both L2TP/IPSec and IKEv2/IPsec are widely supported across various platforms, though the IKEv2 protocol may sometimes require third-party software. IKEv2 and L2TP can also similarly struggle with firewall traversal. Despite its drawbacks, IKEv2 is still a more advanced VPN protocol than L2TP.

OpenVPN is one of the most secure VPN protocols available. It’s an open-source protocol available on various platforms widely used to create point-to-point or site-to-site connections.

OpenVPN is a safer protocol than L2TP because it uses SSL/TLS for encryption key exchange, which can easily pass various connection barriers. OpenVPN is generally faster than L2TP, particularly on higher latency connections and devices with lower computational power. Unlike L2TP, OpenVPN is not natively supported on most platforms and requires third-party software. However, L2TP has less flexibility in its setup and configuration than OpenVPN. OpenVPN is also superior when it comes to traversing firewalls because it can be set to run on any port. OpenVPN can provide enhanced security, privacy, and flexibility to a VPN connection, making it one of the top choices among VPN protocols. These are only some of the reasons why NordVPN has established its own version of OpenVPN.

The Secure Socket Tunneling Protocol (SSTP) was created by Microsoft to be used mainly on Windows devices.

Similarly to OpenVPN, SSTP uses SSL/TLS encryption protocol, which makes it a safer and more robust choice for a VPN protocol. Unlike L2TP, SSTP is natively supported on Windows devices but may still require third-party software. Because SSTP uses SSL/TLS, it can fairly easily pass through firewalls and proxies, whereas L2TP faces difficulties doing so. On the other hand, SSTP can sometimes work slower due to its complicated encryption setup, which may require additional processing. However, SSTP is a good choice if you’re using the Windows operating system because it exceeds L2TP functionalities significantly.